Realtime Privacy Monitoring on Smartphones

Update for those interested in installing TaintDroid: Tracking how apps use sensitive information required integrating our software into the Android platform at a low level. As a result, it was not possible to implement TaintDroid as a stand-alone app. Instead, to use TaintDroid you must flash a custom-built firmware to your device, similar to a number of popular community-supported Android ROMs. Please see the instructions for building, installing, and running TaintDroid on your phone.

Overview

A joint study by Intel Labs, Penn State, and Duke University has
identified that publicly available cell-phone applications from
application markets are releasing consumers' private information to
online advertisers. Researchers at the participating institutions have
developed a realtime monitoring service called TaintDroid that
precisely analyses how private information is obtained and released by
applications "downloaded" to consumer phones. In a study of 30 popular
applications, TaintDroid revealed that 15 send users' geographic
location to remote advertisement servers. The study also found that
seven of the 30 applications send a unique phone (hardware)
identifier, and, in some cases, the phone number and SIM card serial
number to developers.

Smartphones offer a convenient way to download and install third-party
applications. Over 200,000 applications are currently available in
Apple's App Store and over 70,000 in Android's Market. Many of these
applications access users' personal data such as location, phone
information, and usage history to enhance their experience. But users
must trust that applications will only use their privacy-sensitive
information in a desirable way. Unfortunately, applications rarely
provide privacy policies that clearly state how users' sensitive
information will be used, and users have no way of knowing where
applications send the information given to them.

The study was led by Jaeyeon Jung (a research scientist at Intel Labs,
Seattle) and William Enck (a doctoral student at Penn State
University). Their peer-reviewed report will be presented at the
USENIX Symposium on Operating Systems Design and Implementation (OSDI)
Oct. 4-6 in Vancouver, BC, Canada. Co-authors on the paper are Peter
Gilbert (a doctoral student at Duke University), Landon Cox (an
assistant professor at Duke University); Byung-Gon Chun (a research
scientist at Intel Labs, Berkeley), Anmol Sheth (a research scientist
at Intel Labs, Seattle); and Patrick McDaniel (an associate professor
at Penn State University).

News

February 6, 2014: We updated the TaintDroid source code for Android 4.3. Please see the build instructions for details.

October 6, 2012: We released the TaintDroid source code for Android 4.1. Please see the build instructions for details.

October 1, 2010: We fixed the following errors in Table 2 of our OSDI paper:
(1) Moved "Barcode Scanner" to the "Camera only" row. See our letter to the author of the Barcode Scanner application.
(2) Renamed "Layer (Productivity)" to "Layar (Lifestyle)".
(3) Added a footnote to the "Applications" header that says,
"Listed names correspond to the name displayed on the phone and not necessarily the name listed in the Android Market".
(4) Moved "3001 Wisdom Quotes Lite" to the "(Productivity)" category in the same row.

Research Contributions

We designed and developed a system to provide more transparency into how applications use privacy-sensitive information on smartphones. Our OSDI paper describes the system in detail.

We built a realtime information monitoring system called TaintDroid as an enhancement to the popular Android mobile phone platform. A short video clip demonstrating our TaintDroid research prototype is available here.

Using TaintDroid, we studied 30 popular Android applications that use location, camera, or microphone data. We found that 15 send users' location information to remote advertisement or analytics servers. However, none of the 15 applications mentions this data collection practice in its user license agreement, where one exists at all. More findings are available in our OSDI paper.
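To make the source-to-sink monitoring idea concrete, here is an added Python sketch of tag-based taint propagation; it is constructed for this page and is not TaintDroid's code or the paper's (TaintDroid does this inside the Android platform, this sketch does it at the language level). Values read from sensitive sources carry a label, string operations union the labels, and the network sink reports which labels reached which host; the label names, sample values and hostnames are assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union

# Taint labels form a bitvector so one value can carry several source marks.
# Label names and sample values are constructed for this example, not
# TaintDroid's own constants.
TAINT_LOCATION, TAINT_IMEI, TAINT_PHONE_NUMBER, TAINT_ICCID = 1, 2, 4, 8
LABEL_NAMES = {TAINT_LOCATION: "LOCATION", TAINT_IMEI: "IMEI",
               TAINT_PHONE_NUMBER: "PHONE_NUMBER", TAINT_ICCID: "ICCID"}

def labels_of(tag: int) -> List[str]:
    return [name for bit, name in LABEL_NAMES.items() if tag & bit]

@dataclass(frozen=True)
class Tainted:
    """A string carrying its taint tag; concatenation unions the tags."""
    value: str
    tag: int = 0

    def __add__(self, other: Union["Tainted", str]) -> "Tainted":
        if isinstance(other, Tainted):
            return Tainted(self.value + other.value, self.tag | other.tag)
        return Tainted(self.value + str(other), self.tag)

    def __radd__(self, other: str) -> "Tainted":
        return Tainted(str(other) + self.value, self.tag)

# Sources: where privacy-sensitive data enters the app (values constructed).
def get_location() -> Tainted:
    return Tainted("47.61,-122.33", TAINT_LOCATION)
def get_device_id() -> Tainted:
    return Tainted("356938035643809", TAINT_IMEI)

class NetworkSink:
    """The socket boundary: the one place the monitor must inspect tags."""
    def __init__(self) -> None:
        self.leaks: List[Tuple[str, List[str]]] = []

    def post(self, host: str, body: Union[Tainted, str]) -> None:
        tag = body.tag if isinstance(body, Tainted) else 0
        if tag:  # sensitive data is about to leave the phone
            self.leaks.append((host, labels_of(tag)))

def run_ad_request() -> List[Tuple[str, List[str]]]:
    """Mimics an ad library building a request; returns what the sink flagged."""
    sink = NetworkSink()
    body = "lat_lon=" + get_location() + "&id=" + get_device_id() + "&slot=banner"
    sink.post("ads.example", body)
    sink.post("cdn.example", "ping")  # untainted traffic is not reported
    return sink.leaks
```

Because the tag travels with the data rather than with the API call, a derived value such as a hashed device ID still reports as IMEI at the sink.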

People

Contact

questions: info@appanalysis.org

Acknowledgements and sponsors

This material is based upon work supported by the National Science Foundation under Grant No. CNS-0905447, CNS-0721579 and CNS-0643907. Landon Cox and Peter Gilbert's participation was partially supported by NSF CAREER award CNS-0747283, NSF Grant No. CNS-1018547 and NSF Grant No. CNS-0910653.